|
|
User Controls
|
New User
|
Login
|
Edit/View My Profile
|
|
|
|
ActiveMac
|
Articles
|
Forums
|
Links
|
News
|
News Search
|
Reviews
|
|
|
|
News Centers
|
Windows/Microsoft
|
DVD
|
ActiveHardware
|
Xbox
|
MaINTosh
|
News Search
|
|
|
|
ANet Chats
|
The Lobby
|
Special Events Room
|
Developer's Lounge
|
XBox Chat
|
|
|
|
FAQ's
|
Windows 98/98 SE
|
Windows 2000
|
Windows Me
|
Windows "Whistler" XP
|
Windows CE
|
Internet Explorer 6
|
Internet Explorer 5
|
Xbox
|
DirectX
|
DVD's
|
|
|
|
TopTechTips
|
Registry Tips
|
Windows 95/98
|
Windows 2000
|
Internet Explorer 4
|
Internet Explorer 5
|
Windows NT Tips
|
Program Tips
|
Easter Eggs
|
Hardware
|
DVD
|
|
|
|
Latest Reviews
|
Applications
|
Microsoft Windows XP Professional
|
Norton SystemWorks 2002
|
|
Hardware
|
Intel Personal Audio Player
3000
|
Microsoft Wireless IntelliMouse
Explorer
|
|
|
|
Site News/Info
|
About This Site
|
Affiliates
|
ANet Forums
|
Contact Us
|
Default Home Page
|
Link To Us
|
Links
|
Member Pages
|
Site Search
|
Awards
|
|
|
|
Credits
©1997/2004, Active Network. All
Rights Reserved.
Layout & Design by
Designer Dream. Content
written by the Active Network team. Please click
here for full terms of
use and restrictions or read our
Privacy Statement.
|
|
|
|
|
|
|
|
Time:
13:26 EST/18:26 GMT | News Source:
E-Mail |
Posted By: Byron Hinson |
Who should your computer take its orders from? Most people think their computers should obey them, not obey someone else. With a plan they call "trusted computing," large media corporations (including the movie companies and record companies), together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you. Proprietary programs have included malicious features before, but this plan would make it universal.
|
|
#1 By
2459 (24.233.39.98)
at
10/23/2002 2:41:47 PM
|
beeyp, I think you meant http://www.trustedcomputing.org
Though that has nothing to do with Palladium. Palladium is different. It doesn't require signed code. You can even run Stallman's preferred GNU Linux on a Palladium system.
Stallman, as usual, is full of crap. Show me the tech that reports to MS all the software on your harddrive.
edit: Ah, I see beeyp, I didn't look at the page long enough to get the joke. Might I point out a flaw in Linux (in the form of a kernel update) that wipes out your entire file system.
This post was edited by n4cer on Wednesday, October 23, 2002 at 14:46.
|
#2 By
135 (209.180.28.6)
at
10/23/2002 3:18:28 PM
|
#7 - That information comes from a number of sources. I collect my particular statistics from redhat.com... They've published just over 100 security bulletins this year, compared to 60 or so from Microsoft.
I'm going to put up a URL that breaks this down into better detail.
As to Richard Stallman - Apparently he recently showed up at an MIT panel discussion on Palladium and sounded like a raving lunatic. As a result, nobody else in the Q&A wanted to associate with the man, and as such their questions distanced themselves from all of his positions.
RMS does more to discredit Open Source than any other person on the planet, I say we encourage him to write more.
|
#3 By
2459 (24.233.39.98)
at
10/23/2002 3:27:01 PM
|
You wouldn't happen to know where to get a transcript or video of that, would you sodablue? It sounds pretty funny.
|
#4 By
2960 (156.80.64.132)
at
10/23/2002 3:28:22 PM
|
I think it depends.
If it's "Trusted Computing", as in the computer protecting the privacy and security of the CONSUMER, then yes. I'm for that.
But it seems there is a move by certain entities t Hi-Jack the term "Trusted Computing" and twist it into a buzzword for their own benifit. In this example, the underlying motives are not for the good of the consumer, but are instead geared towards controlling what the consumer can and cannot do with their computer, based on the will of some other third-party (usually some corporate entity). In this example, they can take their "Trusted Computing" and stick it where the sun don't shine.
TL
|
#5 By
7797 (63.76.44.252)
at
10/23/2002 3:39:14 PM
|
Redhat posts security bullitens of all 1000000 applications that are included on thier CD this can HARDLY be compared to Windows.
A true comparison would break appart the different parts:
OS
HTTP Server
FTP Server
Mail Server
SQL Server
etc, etc.
Not to mention that other distributions such as Slackware had only about 10 security issues in 2001.. according to the now WAY outdated Securityfocus page you are all referring to:
http://online.securityfocus.com/sfonline/vulns/stats.shtml
I am not saying Linux is better
I am not saying Windows is better
I am saying that that there is more than meets the eye when comparing the number of security bullitens of RedHat to the number from Microsoft
This post was edited by tgnb on Wednesday, October 23, 2002 at 15:42.
|
#6 By
2459 (24.233.39.98)
at
10/23/2002 3:49:20 PM
|
MS posts security bulletins regarding apps included with the OS, separate apps, and flaws that only occur with special combinations of OS services and other software. There's not much difference. If it's included on the disk, someone, potentially, is using it.
One problem with trying to categorize the flaws is where you draw the line of separation. Example: Windows includes a GUI, Redhat includes a GUI, but Linux has no GUI by default. Do you include Gnome, KDE, XFree, etc. in the OS category when comparing Windows and Linux? Though Linux has no default GUI, almost all Linux users use a GUI of some form if using Linux as a desktop OS.
The other problem is differences in functionality and featureset. OSS "equivalents" to Windows software are usually less functional (i.e., have less features).
|
#7 By
135 (209.180.28.6)
at
10/23/2002 4:22:28 PM
|
tgnb - That argument grows tiresome the more I hear it.
How about this question. KDE issued a security bulletin back in I believe July regarding a very similar flaw as what Internet Explorer had. The Linux zealots boasted this as proof of Open Source's superiority. That is, KDE supposedly fixed the problem in 90 minutes. Really it took them 3 weeks to release a binary patch, but that point was ignored. Microsoft took 4 weeks.
Redhat has yet to release an upgrade package for their Linux distribution, even though versions 7.3 and earlier were vulnerable. It's been fixed in 8.0 release.
Oh now this is interesting... KDE has now released v3.0.4... Redhat 8.0 comes with 3.0.3. 3.0.4 includes two security patches. Check Redhat's website... no mention of this.
"I am not saying Linux is better
I am not saying Windows is better"
I'm saying Linux users hide and distort the issues.
|
#8 By
135 (209.180.28.6)
at
10/23/2002 4:48:01 PM
|
beeyp - I'll humor myself by answering your questions.
- Are you anti-Open Source?
Nope.
- Are you anti-GPL?
Pretty much
- Are you anti-Linux?
Nope, it's a good tool for use in education.
- Are you a Zionist pig?
Zionist? Now that's not the kind of accusation I'd expect to hear from a Communist. :)
|
#9 By
2459 (24.233.39.98)
at
10/23/2002 5:21:49 PM
|
Oh please, beeyp.
OpenSSL which had multiple vulnerabilities, MySQL which can't compare to MS SQL Server, PHP, Pearl, and Apache which can't compare to IIS and .NET for programmable, extensible, scalable web applications and services.
Before Apache became Apache, it was called "A Patchy Web Server".
|
#10 By
135 (209.180.28.6)
at
10/23/2002 5:35:07 PM
|
#20 - Actually I haven't gotten around to that. If you want to help let me know, as I'll probably need some help configuring the Apache server.
I did try running PHP under IIS, and it respons horribly.
|
#11 By
135 (209.180.28.6)
at
10/23/2002 6:25:14 PM
|
Oh, I was going to do Linux. I was also going to try both Apache 2.x and 1.3.x... although I hear PHP doesn't work on 2.x. I'm rearranging computers this weekend, so I'll have one available to use for this experiment.
|
#12 By
1845 (12.254.162.111)
at
10/23/2002 7:45:47 PM
|
tgnb,
IIRC you have stated that Red Hat issues advisories on not only the operating system itself, but also on any services, applications, windowing system, etc. that may be included on their setup CD's. You have further stated that these services, applications, windowing systems, etc. are not technically part of the operating system and are optional. Did I get that right?
I can say the same of Microsoft. The Microsoft advisories included not just the operating system (and even at that Microsoft has two operating system branches which it supports), but also SQL Server, Exchange Server, MDAC, IIS, Internet Explorer (part of the OS, but when not used the user isn't vulnerable), Media Player (part of the OS, but when not used, the user isn't vulnerable), MSN/Windows Messenger, Microsoft Office, among other things.
So, yes, the Red Hat number include more than just the operating system, but then so do the Microsoft numbers. In fact, the Microsoft numbers include advisories for stand alone products purchased separately from the operating system (the server products and Microsoft Office).
|
#13 By
1845 (12.254.162.111)
at
10/23/2002 11:19:51 PM
|
"Also, whereas Microsoft advisories are for security flaws in software it coded, RedHat advisories are for security flaws in the RPM packages that it didn't code."
Who cares who coded it if it is included in the operating system? If Microsoft included RSA software to secure something and it has a flaw, it is still Microsoft's overall operating system which is vulnerable. The main point of my statement, is that a vulnerability list from Microsoft contains issues with ALL of their products, not just the ones that come with Windows.
I'm not saying even that comparing vulnerabilities is an accurate depiction of the relative bug state of a system. I'm just pointing out that Microsoft advisories are not solely Windows advisories.
I also very much agree with kev. If it come on the disks with the OS, for a vulnerability count, you may as well count it with the OS. I'd count IIS in with Windows 2000 OSes and Windows XP Pro. I'd count Internet Explorer bugs with the OS too. SQL Server? Nope, that doesn't ship with the OS. Office? Nope, that doesn't ship with the OS either. If RedHat ships a component as part of an OS distro, then in non technical terms it is part of the OS.
|
#14 By
2459 (24.233.39.98)
at
10/24/2002 12:44:56 AM
|
Plus, nothing is stopping Redhat from modifying the code to included packages whether they originally coded it or not. It is Open Source you know. The ability of anyone to make changes to anyone elses code is always touted as a benefit. Other people's software is only regarded as detrimental in cases like this. The solution is simple. Provide updates/support for all the software included on the disk (because someone is using it), or rid the distribution of the software that is redundant and not used by the majority.
|
#15 By
1845 (12.254.162.111)
at
10/24/2002 12:50:07 AM
|
That make sense to me, n4cer.
|
#16 By
7797 (64.192.164.165)
at
10/24/2002 1:08:37 AM
|
If you can't see why it is WRONG to compare the number of security bulletins issued by RedHat for their Linux and MS for their Windows then you are a blind sheep no matter what side of the fence you are. Its like comparing a VW beetle to a 18wheeler. Yes, both are vehicles that drive on roads, both use fuel, but the differences are too great to compare the two.
BTW, Redhat does NOT = Linux
Why is it when people compare Linux flaws they always pick the distro that is weakest in security to make comparisons to Windows? Why not compare the security bullitens of Slackware to MS?
BobSmith:
"So, yes, the Red Hat number include more than just the operating system, but then so do the Microsoft numbers. In fact, the Microsoft numbers include advisories for stand alone products purchased separately from the operating system (the server products and Microsoft Office)."
YES you are RIGHT.. but the ratio is so much greater for whats included by RedHat other than the OS that you STILL CANT possibly compare the 2. Whats the ratio of OS to other apps on WinXP for example and whats that ratio on RedHat?
kevinu:
"if a company bundles software on it's CD's and ships that software to customers, they are taking responsibility and assuming liability for that software."
Thats NOT true. Show us proof where RedHat states that they take responsibility and assume liability for the thousands of apps included on their distro.
This post was edited by tgnb on Thursday, October 24, 2002 at 07:11.
|
#17 By
1845 (12.254.162.111)
at
10/24/2002 1:36:03 AM
|
tgnb,
I'm not a sheep. Rather than resort to name calling, why don't you try to understand the argument at hand?
First of all, can you enumerate the bulletins whose total are the numbers sodablue qutoes? If not, then you really don't know whether the comparison is close or far from being accurate. Let's say that blue uses only bulletins which relate only to the "core" of RedHat's Linux. Let's say he only uses the bulletins which relate to the Windows and not other purchasable offerings. In such a case, a comparison is likely to be rather valid. Can you state with surety that blue didn't, in fact, obtain his numbers in such a manner?
Your VW vs 18 wheeler analogy is unexplained. They way I take it, you are resorting to an emotional response to this intellectual issue. I doubt that you'll respond even to this post intellectually. More than likely you'll give another logic-less reponse full of emotion and passion that doesn't really address the issues at hand.
RedHat != Linux. I'm well aware of that. RedHat Linux == RedHat Linux, though. I believe the comparison about which we are speaking is between RedHat Linux and Microsoft Windows. All discussion has been in this context. There is no need to confuse the issue by taking it out of this context.
Why do folks compare to RedHat Linux when the compare to Linux? More than likely they do it because until recently (it seems that MandrakeSoft's distro has overtaken RedHat) RedHat had the largest marketshare of Linux vendors. If any comparison is to be made at all to Linux, the distro with the highest marketshare would be the most likely candidate for comparison.
|
#18 By
135 (208.50.201.48)
at
10/24/2002 1:38:22 AM
|
beeyp - I was going to use a machine which is a PII-333Mhz with 256Megs of RAM. Anything faster I'd probably run into network saturation issues. Haven't decided yet on distro and such. Just haven't gotten to that point. As far as benchmarking software... I have access to Mercury Interactive Loadrunner through work.
tgnb - I don't think it's wrong, I think a distro like Redhat takes on a responsibility to support the software when they distribute it on their CDs. That's why they charge $150 for it, isn't it?
As far as distro. I wouldn't say Slackware is better. Their propaganda website mentions Slackware 8.1 shipped in June with KDE 3.0.1... Again this version has security holes, and I see no mention anywhere on the site that 3.0.4 is available, or even 3.0.3 which fixed the SSL bug.
Slackware is simply ignoring the issue, they aren't addressing it.
|
#19 By
1845 (12.254.162.111)
at
10/24/2002 1:38:47 AM
|
Lol @ Jagged.
|
#20 By
1845 (12.254.162.111)
at
10/24/2002 9:09:07 AM
|
If the copyright holder does't give you the right to use a copyrighted work in the manner in which you desire, then you don't have that right. Your whim is NOT your right.
|
#21 By
1845 (12.254.162.111)
at
10/24/2002 10:01:23 AM
|
Interesting that you quoted me, rather than the first guy who said "Redhat does NOT = Linux".
|
#22 By
135 (209.180.28.6)
at
10/24/2002 10:30:49 AM
|
beeyp - But the fact that Redhat includes all those packages is signifigant in comparing which OS is "better."
Most of the issues that Microsoft has had with security have been the result of a tradeoff between functionality and security. That is, they were design choices.
In the case of Redhat, they make design choices by including a variety of packages with their distribution, as such it is entirely fair to be critical of those choices by pointing out the problems they cause.
BTW, I think I'm going to go to the Slashdot meetup tonight in Minneapolis... It's at Pizza Luce if anybody wants to see an interesting argument. :-)
|
#23 By
2459 (24.233.39.98)
at
10/24/2002 10:52:24 PM
|
Are they going to try to Open Source the pizza recipe? :-)
|
|
|
|
|